Comodo hacker: I hacked DigiNotar too; other CAs breached

The hacker behind this year's Comodo hack has claimed responsibility for the …

The hack of Dutch certificate authority DigiNotar already bore many similarities to the break-in earlier this year at a reseller for CA Comodo. Bogus certificates were issued for webmail systems, which were in turn used to intercept Web traffic in Iran. Another similarity has since emerged: the perpetrator of the earlier attacks is claiming responsibility for the DigiNotar break-in.

Calling himself ComodoHacker, the hacker claims that DigiNotar is not the only certificate authority he has broken into. He says that he has broken into GlobalSign, and four more CAs that he won't name. He also claimed that at one time he had access to StartCom.

The statement did not provide any specific details about how the hack was performed, offering only a high-level description of some of the things he did: he found passwords, used 0-day exploits, penetrated firewalls, and bypassed the cryptographic hardware that DigiNotar was using to gain remote access to machines. He said that a more detailed explanation would follow, when he had the time, and that it would serve as useful guidance for Anonymous and LulzSec. While lacking in detail, the hacker did include an Administrator-level username and password apparently used on DigiNotar's network. DigiNotar has not confirmed the authenticity of this information.

As with the statements issued after the Comodo hack, the DigiNotar statement was clear about one thing: the sophistication of the hack and the great skill it took.

ComodoHacker also justified his attack on the Dutch certificate authority by blaming the Dutch for the murder of 8,000 Muslims at Serbian hands in Srebrenica; "It's enough for Dutch government for now, to understand that 1 Muslim soldier worth 10000 Dutch government."

Meanwhile, the fallout from the hack continues. DigiNotar has, in effect, lost its status as a trusted root certificate authority. Its certificates have been blacklisted by Microsoft, Google, Mozilla, and Apple.

This is having some significant consequences for Dutch Internet users. Certificates issued by DigiNotar are used by the Dutch government, forcing the government to warn that it can no longer ensure the integrity of secure connections to its own websites. The government is now overseeing DigiNotar's operations as the certificate authority attempts to learn the full scope of the attacks. Since taking over, the government has published a list of more than 500 fraudulent certificates issued by DigiNotar.

Among these are certificates for *.*.com and *.*.org, which would allow someone in possession of the certificates to perform man-in-the-middle attacks for almost any site with a .com or .org domain—a far wider problem than initially assumed. The Tor Project has also discovered some unusual text in one of the certificates. It contains a number of phrases written in Farsi, which translate as "great cracker," "I will crack all encryption," and "I hate/break your head." This alludes to ComodoHacker's statement about the Comodo hack, in which he claimed to be able to break strong encryption.
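A client that applies the usual wildcard rules (one wildcard, only as the whole leftmost label, standing for exactly one label, and never covering a top-level domain) would not match any hostname against `*.*.com` or `*.*.org` at all, regardless of which CA signed the certificate. The following is an added example illustrating those rules, not code from the article or from any browser; it is simplified in that it rejects partial-label wildcards and does not consult the public suffix list, so a name like `*.co.uk` would still be accepted.

```python
import ipaddress
from typing import Iterable

def is_acceptable_name(name: str) -> bool:
    """Return True if a certificate dNSName is a form a client should be
    willing to match at all. Refuses '*.*.com' (two wildcards), 'www.*.com'
    (wildcard not leftmost), 'f*.example.com' (partial-label wildcard,
    rejected here for simplicity) and '*.com' (only one label after the
    wildcard). Note: without the public suffix list, '*.co.uk' passes."""
    labels = name.lower().rstrip(".").split(".")
    if any(label == "" for label in labels):
        return False                      # empty label: '', 'www..com'
    stars = sum(label.count("*") for label in labels)
    if stars == 0:
        return True                       # plain name, nothing special
    if stars > 1 or labels[0] != "*":
        return False
    return len(labels) >= 3               # '*.example.com' ok, '*.com' not

def hostname_matches(cert_name: str, hostname: str) -> bool:
    """RFC 6125-style comparison: case-insensitive, trailing dot ignored,
    a wildcard stands for exactly one label and never matches an IP."""
    if not is_acceptable_name(cert_name):
        return False
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if cert_labels[0] != "*":
        return cert_labels == host_labels
    try:
        ipaddress.ip_address(hostname)
        return False                      # IP addresses use iPAddress SANs
    except ValueError:
        pass
    # '*.example.com' matches 'mail.example.com' but neither 'example.com'
    # nor 'a.b.example.com'.
    return len(cert_labels) == len(host_labels) and cert_labels[1:] == host_labels[1:]

def cert_matches(san_names: Iterable[str], hostname: str) -> bool:
    """A certificate is valid for a host if any SAN entry matches it."""
    return any(hostname_matches(n, hostname) for n in san_names)

# Constructed SAN lists: one modelled on the rogue names reported above,
# one ordinary wildcard certificate.
ROGUE_SANS = ["*.*.com", "*.*.org"]
NORMAL_SANS = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for host in ("www.example.com", "mail.example.org", "example.com"):
        print(host, "rogue:", cert_matches(ROGUE_SANS, host),
              "normal:", cert_matches(NORMAL_SANS, host))
```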

There's also increasing evidence that the certificates were used widely within Iran. Trend Micro's Smart Protection Network collects many kinds of data, including domain name lookups. Over the past few weeks, the number of Iranian systems looking up DigiNotar's validation.diginotar.nl domain was far higher than normal, until it abruptly dropped on August 30th. This activity implies that large numbers of Iranian machines were performing revocation checks on the bogus DigiNotar certificates during July and August. The abrupt stop in turn implies that traffic to validation.diginotar.nl has now been blocked within Iran.

This suggests that the number of man-in-the-middle attacks performed against Iranians was substantial, and that the attacks occurred over many weeks, making secure communication insecure for all those within Iran. After the Comodo hack, ComodoHacker made clear that he was deliberately acting to thwart anti-government dissidents within Iran. In spite of his criticism of the Dutch, the true target remains the Iranian people.

The implications for the certificate authority system remain uncertain. Both the Comodo and DigiNotar hacks demonstrate the considerable, and well-known, problems with the current system: certificates from a trusted authority are accepted unconditionally, there are many such authorities, and the integrity of each cannot be assured. DigiNotar compounded the problems by being far from forthcoming about the nature and extent of the hack, a situation that has only improved since the Dutch government got involved. In contrast, Comodo was quick to notify browser vendors of the problem.

There are proposals such as DNSSEC, to make domain name information secure; CAA records, to allow DNS to denote that a domain should only accept certificates issued by particular certificate authorities; and DANE, to allow dissemination of certificates over DNS, that would go some way toward preventing similar attacks in the future. There are also systems that move away from absolutely trusted certificate authorities in favor of consensus-based trust. Such systems would both make it harder to perform man-in-the-middle attacks and reduce the impact of certificate authority compromises. However, little action has been taken to make these systems a practical reality, as they require substantial changes to the way DNS and certificates are issued and used.

A number of browser-based stopgap solutions are being devised to partially fill this gap. Certificate Patrol for Firefox provides alerts if a certificate has changed unexpectedly, which would reveal the use of fraudulent certificates. Convergence, also for Firefox, provides a kind of decentralized trust system instead of a fixed list of certificate authorities. Chrome's HTTPS pinning feature means that Chrome will only accept certificates issued by certain certificate authorities when visiting Google domains. This provides a kind of Google-specific, Chrome-specific equivalent to the CAA DNS proposal.
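The two browser-side approaches above differ in where the expected key comes from: Chrome ships a preloaded list of acceptable CA keys for Google domains, while Certificate Patrol remembers whatever it saw on the first visit and alerts on change. The following is an added illustration of both checks, not code from either project; the SubjectPublicKeyInfo byte strings and hostnames are constructed placeholders, and the chain is assumed to have already passed ordinary path validation.

```python
import hashlib
from typing import Dict, List, Optional, Set

def spki_hash(spki_der: bytes) -> str:
    """Pins are taken over the SubjectPublicKeyInfo rather than the whole
    certificate, so a certificate reissued under the same key still matches."""
    return hashlib.sha256(spki_der).hexdigest()

class PinStore:
    def __init__(self, preloaded: Optional[Dict[str, Set[str]]] = None):
        self.preloaded = preloaded or {}      # host -> pinned SPKI hashes
        self.observed: Dict[str, str] = {}    # host -> leaf SPKI hash seen first

    def check_preloaded(self, host: str, chain_spki: List[bytes]) -> bool:
        """Chrome-style pinning: if `host` has pins, some certificate in the
        chain (leaf, intermediate or root) must carry a pinned key. A chain
        from a trusted but unpinned CA is refused even though it validates."""
        pins = self.preloaded.get(host)
        if pins is None:
            return True                       # unpinned host: plain CA trust
        return any(spki_hash(s) in pins for s in chain_spki)

    def check_observed(self, host: str, leaf_spki: bytes) -> str:
        """Certificate Patrol-style trust on first use: record the leaf key on
        the first visit and report later changes for the user to judge."""
        fingerprint = spki_hash(leaf_spki)
        previous = self.observed.get(host)
        if previous is None:
            self.observed[host] = fingerprint
            return "first-seen"
        return "unchanged" if previous == fingerprint else "changed"

# Constructed SPKI stand-ins (real ones are DER-encoded public keys).
GOOD_LEAF, GOOD_INTERMEDIATE, GOOD_ROOT = b"leaf-key-1", b"int-key", b"root-key"
ROGUE_LEAF, ROGUE_ROOT = b"rogue-leaf-key", b"rogue-ca-key"
GOOD_CHAIN = [GOOD_LEAF, GOOD_INTERMEDIATE, GOOD_ROOT]
ROGUE_CHAIN = [ROGUE_LEAF, ROGUE_ROOT]       # valid path, wrong CA
PRELOADED_PINS = {"mail.google.com": {spki_hash(GOOD_ROOT)}}

if __name__ == "__main__":
    store = PinStore(PRELOADED_PINS)
    print("pinned host, own CA:   ", store.check_preloaded("mail.google.com", GOOD_CHAIN))
    print("pinned host, rogue CA: ", store.check_preloaded("mail.google.com", ROGUE_CHAIN))
    print("unpinned host, rogue CA:", store.check_preloaded("www.example.com", ROGUE_CHAIN))
    for leaf in (GOOD_LEAF, GOOD_LEAF, ROGUE_LEAF):
        print("observed:", store.check_observed("www.example.com", leaf))
```

The last preloaded check shows the limit of pinning as a stopgap: a host without pins still accepts a validly chained certificate from any trusted CA, which is exactly the gap the rogue DigiNotar certificates exploited.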

While these browser-based systems can protect users, they don't obviate the need for a more substantial overhaul of the entire certificate system. The DigiNotar hack demonstrates the need for change, but with considerable vested corporate interests in the current system—not to mention massive entrenchment—it could be a long time coming.

Regarding the Comodo Hacker, he is mentioned in Moxie Marlinspike's BlackHat 2011 talk on SSL And The Future Of Authenticity before this DigiNotar hack, although Moxie seems to think he's a bit of a dunce. Either way, the talk is entertaining and informative.

Regarding the Comodo Hacker, he is mentioned in Moxie Marlinspike's BlackHat 2011 talk on SSL And The Future Of Authenticity before this DigiNotar hack, although Moxie seems to think he's a bit of a dunce. Either way, the talk is entertaining and informative.

In before I could post this. Just went over this. His product convergence (convergence.io) seems like it could be useful, if the major browser vendors got on board (after it all gets properly vetted, of course).

With the price of around $200 for a certificate, and almost nothing to make them, there's a lot of easy money to be had which quite a few will fight tooth and nail to keep.

$200 is only for Extended Validation, you can get basic identity certs for nothing (beyond of course proof of identity). In principle it could be perfectly reasonable to charge that for EV, or for that matter even more, if there are actual humans spending a few hours doing serious verification.

But it's true some orgs are definitely treating even basic domain certs as a profit center, and that probably does create some perverse incentives. I hope we can see more of a split between domain ownership auth (DNSSEC should help there) vs ID auth, along with other changes like multiparty signing at the least. While bad, this whole scenario could have been much, much worse (major financial disruption say), so if it finally serves as a real spur to improve it could still leave us better off.

Why use the Hacker Dojo branding, a 501c3 pending collaborative workshop, for this story? They seem entirely unrelated to the incident. For the record, I'm not with Hacker Dojo though I am with another hackerspace. I refuse to believe Ars staff are so uneducated so as to not understand the different uses of the term hacker.

Why use the Hacker Dojo branding, a 501c3 pending collaborative workshop, for this story? They seem entirely unrelated to the incident. For the record, I'm not with Hacker Dojo though I am with another hackerspace. I refuse to believe Ars staff are so uneducated so as to not understand the different uses of the term hacker.

--Jacob

I didn't, someone else put the image in. It's now removed.

However, I have no truck with the "it's cracking, not hacking!" crowd. It's a totally boring discussion. Breaking into systems has been "hacking" for literally decades. It's not going to change.

Full HTTPS for a site with no sensitive information is a waste of resources.

Umm ... say that to the person who gets thrown in jail for reading a story about their government hacking its own citizens. The sensitive information label is highly dependent on the perspective offered by the article and those who are enlisted to trace your web activity.

Of course, HTTPS is useless if CAs can be hacked to issue fake SSL certificates.

"ComodoHacker also justified his attack on the Dutch certificate authority by blaming the Dutch for the murder of 8,000 Muslims at Serbian hands in Srebrenica; 'It's enough for Dutch government for now, to understand that 1 Muslim soldier worth 10000 Dutch government.'"

Although there is no universally agreed on, legally binding, criminal law definition of terrorism, modern common definitions of terrorism refer to those violent acts which are intended to create fear, and are perpetrated for a religious, political or ideological goal, and deliberately target, or disregard the safety and welfare of, non-combatants.

Such a statement certainly has a political or ideological goal intended. Soldiers who are real soldiers worth anything do not target non-combatants purposely as this hacker did, so his/her act was pointless if this was indeed his/her purpose because he/she essentially said these soldiers would target non-combatants, by his/her hacking act, and that makes them terrorists instead of soldiers. So I think that ComodoHacker needs to understand the cause he/she is touting, and that he/she doesn't understand that cause at all, so I don't think this is a real reason at all and is pure BS intended to justify his/her actions in his/her own mind because he/she had no reason to do this other than the pure malicious intent of doing so.

Although there is no universally agreed, legally binding, criminal law definition of terrorism, common definitions of terrorism refer to those violent acts which are intended to create fear, and are perpetrated for a religious, political or ideological goal, and deliberately target, or disregard the safety of, non-combatants. Such a statement certainly has a political or ideological goal intended. Soldiers who are real soldiers worth anything do not target non-combatants purposely as this hacker did, so his/her act was pointless if this was indeed his/her purpose because he/she essentially said these soldiers would target non-combatants, by his/her hacking act, and that makes them terrorists instead of soldiers.

Kind of like how Bush threatened Saddam with war for not allowing nuclear inspections, and then going for Shock and Awe as it rained fire on neighborhoods nearby the intended targets? Truly a double-edged sword. I don't see how the non-violent targeting of non-combatants in these hacks fit your definition of terrorist. In any event, even non-violent protestors get investigated as potential terrorists worthy of no-fly or indefinite detention without due process.

Although there is no universally agreed, legally binding, criminal law definition of terrorism, common definitions of terrorism refer to those violent acts which are intended to create fear, and are perpetrated for a religious, political or ideological goal, and deliberately target, or disregard the safety of, non-combatants. Such a statement certainly has a political or ideological goal intended. Soldiers who are real soldiers worth anything do not target non-combatants purposely as this hacker did, so his/her act was pointless if this was indeed his/her purpose because he/she essentially said these soldiers would target non-combatants, by his/her hacking act, and that makes them terrorists instead of soldiers.

Kind of like how Bush threatened Saddam with war for not allowing nuclear inspections, and then going for Shock and Awe as it rained fire on neighborhoods nearby the intended targets? Truly a double-edged sword. I don't see how the non-violent targeting of non-combatants in these hacks fit your definition of terrorist. In any event, even non-violent protestors get investigated as potential terrorists worthy of no-fly or indefinite detention without due process.

You missed the point, the point is that this was not his/her reason at all and was pure BS. I did not say the hacking fit the definition, I was pointing out that it was a BS reason and not the reason at all. Read the whole thing and don't just take a part out of context.

It's a little bit different when a person like Saddam says he has a nuclear program, touts his military might with missiles targeting regions, and then does nothing to play nice with the rest of the world and assumes a war-like footing and states that he would destroy this or that people and then gasses hundreds of Kurds in his own country with chemical munitions intending genocide, chews those opposing him up in a king-sized meat grinder, then knowing an attack was imminent because of his lunacy does nothing to clear population centers and even uses his own people as human shields for some facilities (endorsing the impression those were valid military targets which were known to have housed military war-making hardware by Saddam's own admission when he touted them previously) and purposely placed those facilities in population centers. Yeah, I'd have a tendency to attack him before he attacked me (or my allies). You can't say you have a gun and say you will use it, and expect that to be mistaken for anything else but that you will use the gun. Yeah, I would have taken action against the SOB too.

Full HTTPS for a site with no sensitive information is a waste of resources.

Umm ... say that to the person who gets thrown in jail for reading a story about their government hacking its own citizens. The sensitive information label is highly dependent on the perspective offered by the article and those who are enlisted to trace your web activity.

Of course, HTTPS is useless if CAs can be hacked to issue fake SSL certificates.

Hmm, ok. Well, for those of us who aren't so paranoid... I think we'll take the risk.

Full HTTPS for a site with no sensitive information is a waste of resources.

Umm ... say that to the person who gets thrown in jail for reading a story about their government hacking its own citizens. The sensitive information label is highly dependent on the perspective offered by the article and those who are enlisted to trace your web activity.

HTTPS does nothing to hide the sites you visit, and little to keep a government from determining the specific articles you read.

Full HTTPS for a site with no sensitive information is a waste of resources.

Umm ... say that to the person who gets thrown in jail for reading a story about their government hacking its own citizens. The sensitive information label is highly dependent on the perspective offered by the article and those who are enlisted to trace your web activity.

Of course, HTTPS is useless if CAs can be hacked to issue fake SSL certificates.

That doesn't happen. Law enforcement has enough to do going after actual criminals, and with the economy the way it is they're also understaffed, creating more workload.

Full HTTPS for a site with no sensitive information is a waste of resources.

SSL closes off the most direct and least obviously unethical forms of deep packet inspection and modification. I know we've all got our focus on different matters at the present time, but that is still an issue AFAIK.

The certificate system is totally borked, but just like with IPv4, the migration to a better scheme is going to be foiled by the mind-toppling inertia of the current system. Small changes aren't going to fix the certification system, when the certifying authorities aren't trustworthy. Period.

There were some fraudulent certificates issued by Verisign for Microsoft early this decade. They should be listed somewhere in your browser. Verisign still exists but I don't know how bad the situation now is compared to then.

I can't help but play conspiracy theorist. How do we know this guy is actually Iranian? This could all be some ploy to create misdirection. I mean, if I were the CIA and I hacked the CAs to give myself fraudulent certs, I would post crazy shit to throw everyone off (1000 hackers, vengeance against the Dutch for harming Muslims, I can crack RSA, write stuff in Farsi, etc). Then when the media finds the info, they'll disseminate it as fact.

So are both of these companies out of business now that they got hacked? It seems like once a root CA gets removed from browsers, it becomes useless, right?

No, they'll simply issue new root certificates and have them installed on your machine automatically in some future OS/Browser update. This is a normal part of the process.

Of course, the OS/Browser makers will want to thoroughly vet the CA's trustworthiness and security infrastructure before installing their new certificates.

Which is why I think this article is overblowing things a little. There is already a process in place to handle compromised certificate authorities. The process is working. Maybe not as fast as some would have liked, but it is working.

So some guy reads the paper, and starts making announcements to get folks believing he's a Muslim hacker just out for vengeance, b/c obviously everyone hates Muslims these days. (Not really, but it is a scare-tactic.)

Sure, whatever.

Stare carefully at my right-hand waving in your face, that way you can't see my left-hand picking your pocket.

Full HTTPS for a site with no sensitive information is a waste of resources.

Umm ... say that to the person who gets thrown in jail for reading a story about their government hacking its own citizens. The sensitive information label is highly dependent on the perspective offered by the article and those who are enlisted to trace your web activity.

Of course, HTTPS is useless if CAs can be hacked to issue fake SSL certificates.

Hmm, ok. Well, for those of us who aren't so paranoid... I think we'll take the risk.

Speak for yourself. First off, not all countries are ok with people reading articles like this. Iran, in particular, has a nasty habit of making dissidents disappear.

That aside, I'd like to have the option at least. Yeah, it's not as bad if someone hacks this account as opposed to them hacking my email, but it'd be nice. I might even consider paying for it somehow.